Red Hat OpenStack Services on OpenShift / OSPRH-5328

Backups in public clouds must be encrypted in order to withstand attacks at provider level


    • Epic
    • Resolution: Unresolved
    • openstack-cinder
    • Encrypted backups for Cinder

Backups in public clouds are particularly vulnerable to attacks at the storage provider level or through unauthorized access to the backups themselves. Because the public cloud is by definition off premises and remotely accessible, physical and organizational security measures cannot be applied. This makes the security of backups weak and fragile. Encrypting them protects against these threats, and hopefully makes the security of these backups comparable to that of backups made and kept within the organization itself.

Encrypted backups have definite downsides along two main lines: performance and key management. Encryption involves expensive computations, and losing keys may render backups unrecoverable with no recourse. Key loss is especially dangerous in disaster recovery scenarios.

Because of Red Hat's Upstream First philosophy, the fundamental development is to be done in cooperation with the community. The spec has already been proposed publicly, and it was discussed at the Caracal vPTG.

            zaitcev@redhat.com Pete Zaitcev
            rhos-dfg-storage-squad-cinder